Today the UK’s data protection regulator, the ICO, announced their intention to fine British Airways £183M as provided by the GDPR for a recent breach which leaked 500M people’s personal information.
This fine is notable in that it is 1.5% of global revenue, which is a lot for a purported attack that resulted in data loss and during which the company worked closely with regulators throughout the process. It will likely become a critical case cited within companies to demonstrate the long-standing mantra of privacy professionals: “you did some things to protect, but you didn’t patch, you didn’t close issues, a bad thing happened, and a huge fine came in the door.”
This announcement should help reinforce enterprise DPOs’ messaging to their respective businesses that privacy costs time and money to do, but costs a lot more not to do.